Navigate the Cloud Collectors UI
The Cloud Collectors service includes three tabs: Overview, Collectors, and Accounts. The functionality available from each tab is described below.
Overview Tab
This tab lists all of the cloud collectors that you configured in your environment. The list can be filtered by vendor and by status. You can use the search field to navigate to a specific collector.
On the Overview tab, you can click the name of a specific collector to open a page that displays collector details. You can also click New Collector to navigate to the Collectors tab where you can create a new cloud collector.
The Overview tab includes the following information for each cloud collector:
Type – Displays the name of the vendor.
Name – Displays the name that you specified when you created the collector. Click the name of the cloud collector to view collector details such as status, volume received, and error messages with recommended actions. For more information, see Collector Details Pane.
Volume in the Last Day – Displays the volume of data collected by the collector in the last day.
Last Log Received – Displays the time when the log was last received.
Status – Displays the status of the installed collector instance to indicate whether the collector is running, stopped, or in an error state.
All Vendors – Provides options to filter records based on vendors.
All Status – Provides options to filter records based on the status of the installed cloud collector.
Collector Details Pane
The collector details pane displays status, volume of the log received, and error messages with details such as error type, error code, and recommended action. For more information about error messages, see Troubleshooting Cloud Collectors.
The graph displays the volume of logs ingested within a specific time period, such as the last day, the last week, one month, or three months.
Collectors Tab
The Collectors tab lists all the supported cloud collectors that you can install in your environment. You can filter the list by name, vendors, and by collectors. You can use the search field to navigate to a specific collector.
Click the tile for the vendor for which you want to create a cloud collector instance. After you install one or more collector instances, the tile displays the number of instances installed.
Accounts Tab
The Accounts tab lists all shareable accounts that you created for cloud collectors in your environment. An account can be reused across one or more cloud collectors of the same type. Shareable accounts help streamline the onboarding of your cloud collectors. If your credentials ever change, you can easily update them and then test the connection for all collectors simultaneously.
Currently only AWS accounts are shareable.
On the Accounts tab, you can filter and sort the accounts by Vendor, Account Name, Collectors, and Status. You can also use the search to quickly locate a specific account.
Note
With read-only access, you can only view the details of cloud collector instances; you cannot create, edit, or delete a cloud collector instance. Read-only access also prevents you from creating an account, testing a connection, editing details, and saving changes.